Initial Settings after Installing CentOS 7

1) To change the hostname permanently, edit the following file:

sudo vi /etc/hostname

Here you can simply put the name of your system (in my case, I have assigned it CentOS-7).

After that, edit the hosts file:

sudo vi /etc/hosts

Here, add the same name that you put in the /etc/hostname file, after 127.0.0.1.

After a reboot, the system will display the new hostname.

2) After logging in to the CentOS 7 server (minimal installation), you will notice that the system doesn’t have the ifconfig command.

Install the net-tools package which will include ifconfig:

sudo yum install net-tools

Try the ifconfig command once again.

3) Change the default network interface name to “eth0”

CentOS 7 gives the NIC a default name like “en016…..”, as we can see in the above screenshot. To change it back to the traditional network device name like “ethX”, edit the grub file:

sudo vi /etc/default/grub

Search for the line “GRUB_CMDLINE_LINUX” and append the following: “net.ifnames=0 biosdevname=0”

It will look like this:

GRUB_CMDLINE_LINUX="rd.lvm.lv=rootvg/usrlv rd.lvm.lv=rootvg/swaplv crashkernel=auto vconsole.keymap=us rd.lvm.lv=rootvg/rootlv vconsole.font=latarcyrheb-sun16 rhgb quiet net.ifnames=0 biosdevname=0"

Create a new configuration based on the currently running system using the grub2-mkconfig command:

sudo grub2-mkconfig -o /boot/grub2/grub.cfg

Rename the interface file “/etc/sysconfig/network-scripts/ifcfg-en01…” to ifcfg-eth0:

sudo mv /etc/sysconfig/network-scripts/ifcfg-eno16777736 /etc/sysconfig/network-scripts/ifcfg-eth0

Reboot the system.

After the reboot, check the interface name.

4) Configure a static IP on the server:

Edit the interface file under /etc/sysconfig/network-scripts/ directory:

sudo vi /etc/sysconfig/network-scripts/ifcfg-eth0

Here is my ifcfg-eth0 file as a sample; change it to suit your requirements:

DEVICE="eth0"
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.250.50
NETMASK=255.255.255.0
GATEWAY=192.168.250.2
DNS1=192.168.250.2


Stop and disable the NetworkManager service, because we don’t need it on the server:

sudo systemctl stop NetworkManager 
sudo systemctl disable NetworkManager

Restart the network service (be careful if you are connected remotely, because you will be disconnected after issuing this command):

sudo service network restart

Check the newly assigned static IP.

5) Disable IPv6:

First, check whether IPv6 is enabled:

lsmod | grep -i ipv6

Edit the grub file:

sudo vi /etc/default/grub

Search for the line “GRUB_CMDLINE_LINUX” and add the following at the beginning: “ipv6.disable=1”

It will look like this:

GRUB_CMDLINE_LINUX="ipv6.disable=1 rd.lvm.lv=rootvg/usrlv...

Create a new configuration based on the currently running system using the grub2-mkconfig command:

sudo grub2-mkconfig -o /boot/grub2/grub.cfg

Reboot the system.

Once again, check IPv6 on the system.
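
Steps 3 and 5 both hand-edit GRUB_CMDLINE_LINUX. The helper below is an added example, not part of the original tutorial: it adds kernel arguments to that line only when they are missing, so running it twice never duplicates an entry. It appends rather than prepends (the position does not matter for these parameters); the function name add_kernel_arg and the sample file contents are made up for the illustration.

```sh
# add_kernel_arg FILE ARG...   (hypothetical helper, not a grub2 tool)
# Adds each ARG to the GRUB_CMDLINE_LINUX="..." line of FILE unless it is
# already there. Fails without touching FILE if no such line exists.
add_kernel_arg() (
    file=$1; shift
    tmp=$(mktemp) || exit 1
    found=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            'GRUB_CMDLINE_LINUX="'*'"')
                found=1
                args=${line#GRUB_CMDLINE_LINUX=\"}
                args=${args%\"}
                for arg in "$@"; do
                    case " $args " in
                        *" $arg "*) ;;                     # already present
                        *) args="${args:+$args }$arg" ;;   # append once
                    esac
                done
                line="GRUB_CMDLINE_LINUX=\"$args\"" ;;
        esac
        printf '%s\n' "$line"
    done < "$file" > "$tmp"
    # Write back in place so the owner and mode of FILE are preserved.
    [ "$found" -eq 1 ] && cat "$tmp" > "$file"
    status=$?
    rm -f "$tmp"
    exit "$status"
)

# Demo on a constructed copy; on a real system FILE is /etc/default/grub and
# grub2-mkconfig must be run afterwards, as in the steps above.
demo=$(mktemp)
printf '%s\n' 'GRUB_TIMEOUT=5' \
    'GRUB_CMDLINE_LINUX="crashkernel=auto rhgb quiet"' > "$demo"
add_kernel_arg "$demo" net.ifnames=0 biosdevname=0
add_kernel_arg "$demo" ipv6.disable=1 net.ifnames=0   # second arg is skipped
grep '^GRUB_CMDLINE_LINUX=' "$demo"
rm -f "$demo"
```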

6) EPEL repository on CentOS 7

To install the EPEL repository, issue the following command:

sudo rpm -Uvh http://dl.fedoraproject.org/pub/epel/beta/7/x86_64/epel-release-7-0.2.noarch.rpm


List your new repos:

sudo yum repolist


7) Enable iptables services (instead of firewalld):

When you try to start or restart iptables on a newly installed server, you will get an error.

To fix this error, install the iptables-services package:

sudo yum install iptables-services

Re-run the command to restart iptables:

sudo service iptables restart


Hope this will help you!

OpenVPN server on CentOS 6.4 behind NAT

This tutorial describes how to configure an OpenVPN server on CentOS 6.4 and clients on Windows XP/7.

I am taking the scenario of a SOHO network that is protected by a firewall. We’ll implement OpenVPN on an internal CentOS 6.4 server to securely access the internal SOHO network (server and PCs) through the internet from anywhere.

Before starting this tutorial, we need to install the RPMforge and EPEL repositories:

RPMforge Installation:

wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
rpm -K rpmforge-release-0.5.2-2.el6.rf.*.rpm
rpm -i rpmforge-release-0.5.2-2.el6.rf.*.rpm
yum repolist

EPEL Installation:

wget http://ftp.riken.jp/Linux/fedora/epel/RPM-GPG-KEY-EPEL-6
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm --import RPM-GPG-KEY-EPEL-6
rpm -ivh epel-release-6-8.noarch.rpm
yum repolist

OpenVPN Server Installation:

Install the openvpn package using the following command:

yum install openvpn easy-rsa

Make the openvpn service start automatically on boot:

chkconfig openvpn on


Make an easy-rsa/keys directory inside /etc/openvpn:

mkdir -p /etc/openvpn/easy-rsa/keys

Copy the default easy-rsa files into /etc/openvpn to set up the Certificate Authority (CA) and generate certificates and keys for the OpenVPN server and clients:

cp -rf /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa


Edit /etc/openvpn/easy-rsa/vars:

cd /etc/openvpn/easy-rsa/
vi vars

Edit these parameters according to your needs:

export KEY_COUNTRY="US"
export KEY_PROVINCE="NC"
export KEY_CITY="Winston-Salem"
export KEY_ORG="Example Company"
export KEY_EMAIL="me@example.com"

Move to /etc/openvpn/easy-rsa/ and enter these commands:

cd /etc/openvpn/easy-rsa/
cp openssl-1.0.0.cnf openssl.cnf
source vars
./clean-all


Now, generate the CA certificate and key:

./build-ca


Next, generate a server certificate and private key:

./build-key-server tendo

Note: tendo is my server name in the above command; you can use your server name here.

Diffie-Hellman parameters are required for the OpenVPN server:

./build-dh

Copy all the certificates and keys into /etc/openvpn/ from the /etc/openvpn/easy-rsa/keys/ subdirectory:

cd keys/
cp ca.crt tendo.crt tendo.key dh1024.pem /etc/openvpn/

Create an /etc/openvpn/server.conf file and enter the certificate and key information that we created above:

vi /etc/openvpn/server.conf

Here is my server.conf file as an example; you can change it according to your requirements:

port 1194
proto udp
dev tun
ca ca.crt
cert tendo.crt
key tendo.key # This file should be kept secret
dh dh1024.pem
#VPN subnet for OpenVPN to draw client addresses from.
server 172.16.10.0 255.255.255.0
ifconfig-pool-persist ipp.txt
#Push routes to the client to allow it to reach other 
#private subnets behind the server.
push "route 10.10.10.0 255.255.255.0"
#If you want that all of your Internet traffic pass 
#through the VPN server then enable this
;push "redirect-gateway def1 bypass-dhcp"
# For name resolution, enable this
;push "dhcp-option DNS 10.10.10.254"
client-to-client
keepalive 10 120
comp-lzo
max-clients 10
persist-key
persist-tun
status openvpn-status.log
verb 5
mute 20

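
An added example, not part of the original post: a small shell check that reads a server.conf like the one above and lists the settings a reviewer would tighten before UDP 1194 is forwarded through the edge firewall. The function name and finding labels are made up; the weak-dh check assumes the easy-rsa 2.0 file naming (dh<bits>.pem) used on this page.

```sh
# audit_openvpn_conf FILE   (FILE may be - for stdin)
# Prints one finding per line. Directive names are real OpenVPN options;
# the finding labels are made up for this example.
audit_openvpn_conf() {
    awk '
        NF == 0 || $1 ~ /^[#;]/ { next }        # blank line or comment
        {
            sub(/[ \t]*#.*$/, "")               # drop a trailing comment
            seen[$1] = ($2 == "") ? "set" : $2
        }
        END {
            # easy-rsa 2.0 writes dh<bits>.pem, so the size is in the name.
            if (match(seen["dh"], /dh[0-9]+\.pem$/)) {
                bits = substr(seen["dh"], RSTART + 2, RLENGTH - 6) + 0
                if (bits < 2048) print "weak-dh: " bits "-bit parameters"
            }
            if ("comp-lzo" in seen)
                print "compression: comp-lzo is enabled"
            if ("client-to-client" in seen)
                print "client-to-client: peer traffic skips the host firewall"
            if (!("tls-auth" in seen) && !("tls-crypt" in seen))
                print "no-tls-auth: control channel has no HMAC key"
            if (!("user" in seen) || !("group" in seen))
                print "no-privilege-drop: daemon keeps running as root"
            if (!("cipher" in seen))
                print "no-cipher: data channel cipher left to the default"
        }' "${1:--}"
}

# Constructed sample: active directives taken from the server.conf above.
sample_server_conf() {
    cat <<'EOF'
ca ca.crt
cert tendo.crt
key tendo.key # This file should be kept secret
dh dh1024.pem
server 172.16.10.0 255.255.255.0
;push "redirect-gateway def1 bypass-dhcp"
client-to-client
comp-lzo
persist-key
persist-tun
EOF
}

sample_server_conf | audit_openvpn_conf -
```

A file that sets 2048-bit or larger DH parameters, tls-auth, user, group and cipher, and omits comp-lzo and client-to-client, produces no output.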

Now, start the OpenVPN server:

service openvpn start

Note: Forward UDP port 1194 to your internal OpenVPN server on the edge firewall.

Client Certificates:

Each VPN client also needs a certificate to authenticate itself to the server. As the root user, create a separate certificate for each client:

cd /etc/openvpn/easy-rsa/
./build-key rblaptop

Note: rblaptop is my VPN client name in the above command; you can use your client name here.

Copy these files to the client machine using winscp or any other method:

1) /etc/openvpn/ca.crt
2) /etc/openvpn/easy-rsa/keys/rblaptop.crt
3) /etc/openvpn/easy-rsa/keys/rblaptop.key

Your file names will differ, so adjust them as needed.

OpenVPN Client Configuration on Windows Machine:

Download the free OpenVPN client for Windows from here and install it. Below is the step-by-step procedure to configure this OpenVPN client to connect to the OpenVPN server that we configured above.


Check the routing table on client machine:

netstat -r

Ping the OpenVPN internal IP.

A ping to an internal host will fail, because the internal host doesn’t know about this VPN pool. To overcome this problem, we need to configure NAT on the OpenVPN server:

Edit the /etc/sysctl.conf file:

vi /etc/sysctl.conf

Enable IP forwarding by changing the “net.ipv4.ip_forward” line to 1:

net.ipv4.ip_forward=1

Create an iptables rule to allow proper routing of the VPN subnet:

iptables -t nat -A POSTROUTING -s 172.16.10.0/24 -o eth0 -j MASQUERADE
service iptables save
service iptables restart


Reboot the server or issue this command to load the change:

sysctl -p

Ping the internal host again:

Success
Hope this will help you!

Please Remember me in your prayers